
Forget Predictions: True 2026 Cybersecurity Priorities From Leaders

Security leaders chart course beyond predictions with focus on supply chain, governance, and team efficiency. The post Forget Predictions: True 2026 Cybersecurity Priorities From Leaders appeared first on SecurityWeek.


Every December and January we see multiple public relations-driven “next year predictions”, and these predictions are, unsurprisingly, self-serving to the vendors who commission them. Why not go straight to the source? For this article, I spoke with several security leaders and asked them all the same question: “What people, process, or technology shift will help you most to do your job more efficiently in 2026?”

Here’s what they said:

Brian Honan, Owner, BH Consulting


“I think the process that is going to have the biggest impact for many in 2026 is third-party risk and in particular managing resilience in the supply chain. A big driver is the raft of legislation, particularly in the EU, such as the EU Digital Operational Resilience Act (DORA) and the EU Network and Information Security Directive version 2 (NIS2), that requires organisations to manage cyber risk in their supply chain.

Couple that with the recent outages at AWS, Azure, and Cloudflare, and we will see many organisations evaluate how they manage third-party risk. However, managing these risks by sending questionnaires will no longer be sufficient, and CISOs in 2026 need to better understand the critical choke points in their supply chain and look at controls to build better resilience into it.”

Greg Mathes, Information Security Manager with 15 years of cybersecurity experience

The two main forces I see affecting security leaders today are the continued adoption and maturation of AI, as well as economic impacts affecting security budgets. These can seemingly play into each other because, as security leaders, we must continue to justify budgets for both people and technology. The adoption of AI can help reduce manual tasks, increasing the efficiency of our staff to perform more value-adding work. I want to emphasize that this is aimed at increasing staff efficiency, not eliminating jobs. I think it is a very dangerous statement and trend suggesting AI can replace humans. This can have disastrous effects on staff morale, and in many cases, if we move to use AI to replace junior staff, the pipeline into more senior roles will eventually dry up.


However, as we have seen, the benefits in many organizations outweigh the cons. Most organizations, large and small, are inundated with manual tasks, which makes many of our processes very expensive. This is compounded by economic forces that many organizations face today, which limits their ability to hire additional staff. For years, the industry has been working to solve these problems with SOAR, RPA Bots, or other programmatic solutions to do this bulk work. I think the use of AI extends the work we have already done in that space, but in a broader application. For example, in the security industry, most of the work with SOAR has been to reduce workload within SOCs. This was very much needed, as alert volumes have reached an unmanageable level for most SOCs, and throwing more people at the problem proved to be very costly. The addition of AI extends those capabilities even further by helping junior analysts combine data related to the incident, as well as external threat information that can potentially assist with correlating the alert to known external threats, thus shortening the timeline for SOC analysts to triage and disposition an alert.

The significant difference is that as we integrate AI across organizations, we can leverage these new skills and automation capabilities to apply them to other areas of security that have historically required large amounts of manual work. There are many areas across the security landscape outside of the SOC that have opportunities to mature with the use of AI, including GRC activities to summarize new regulations or collected evidence, vulnerability management activities ranging from vulnerability summarization to executive-level reporting on the state of the program, and identity governance to assist with access management and reviews.

I see these capabilities continuing to evolve and mature across security tools over the next 2 to 3 years. We are only now beginning to realize the ROI that organizations can receive by integrating AI into their security processes. As we are all exposed to AI on a daily basis, our minds can now conceive of additional use cases where it can be applied. This is most realized through the use of agentic AI, where instead of defining task by task what we need automated, we can define a job function that may have multiple steps to it. The development of these capabilities can take time for the security vendors to develop and release them to the market.

This time to market will obviously differ between startups and the larger vendors. Even larger organizations with trained staff can achieve this by refocusing their staff internally, who were previously focused on process improvement through RPA bots, to developing internal agentic AI bots that are more intelligent than the previous RPA bots.

Daniel Schwalbe, CISO and VP IT, DomainTools


“The obvious answer here would be ‘AI will make us more efficient, cut through the noise – AI all the things.’ However, I don’t agree with that, at all. What I have learned over my 25 years of working in InfoSec is that you cannot credibly automate away human intuition, instinct, and smart decision making. AI/ML requires clean, highly structured, and consistently labeled data.

Our security logs are none of those things. The tools merely automate bad processes faster, accelerating alert fatigue and increasing the risk of missing a zero-day because the “AI” deemed it benign statistical noise.

The promise of SOAR is centralized orchestration. The reality is months of costly, brittle integration work that breaks with every vendor update. We spend more time maintaining the automation pipeline than the pipeline saves us.

We don’t have enough people who can build, train, and maintain sophisticated AI/ML models while understanding threat hunting. The technology requires a new, hyper-specialized (and hyper-expensive) skill set, defeating the goal of efficiency.

The single most impactful shift for efficiency in 2026 will be the Process and People shift toward Radical Simplification and Security Accountability Diffusion. Our current efficiency killer is the Retrofit Security Tax, i.e., the cost of fixing security flaws after deployment.

We must move away from complex, exceptions-ridden security policies (50+ pages) and adopt a philosophy of minimal viable control sets. Our policy documents should shrink to less than 10 pages, focusing only on the highest-risk constraints, not infinite compliance checklists.

To fully embrace this, we should conduct a ruthless audit to decommission at least 1/4 of our overlapping security tools by 2027. This slashes licensing costs, reduces integration complexity, and forces analysts to master a core set of highly effective tools, improving proficiency and reducing false positives. This process shift reduces the complexity that causes security debt, meaning fewer incidents to investigate and a far smaller attack surface to defend, which is the ultimate measure of security efficiency.

Security is a shared responsibility. We must break the myth that the CISO owns all security risks. This model is collapsing under the weight of cloud adoption and DevOps velocity.

We must formally embed security engineers (not just liaisons) within the critical Product, Platform, and Engineering teams. Their mandate is not to police, but to provide secure, reusable patterns and to push the responsibility for 80% of tactical security decisions down to the asset owners (application teams, business units).

We need to stop focusing on internal metrics and focus on business partnership metrics – like Time-to-Market for a new product without critical findings right out of the gate, and reducing the friction in the deployment pipeline. The Security Team’s efficiency should be measured by how fast the business can safely move.

This distribution of accountability frees the central security team to focus on the truly strategic, high-value tasks: Threat Intelligence, Architecture Review, and Incident Response. The efficiency of a CISO skyrockets because they can multiply their security workforce without hiring a single new analyst.

The most efficient CISO in 2026 is one who successfully lobbies the business to simplify the operating environment and takes responsibility off the security team’s plate, rather than waiting for vaporware AI to magically solve organizational problems.”

Christie Terrill, CISO at Bishop Fox

“In 2026, I am most eagerly hoping for an industry-wide maturation in AI governance. I’m looking for AI terminology to become a functional shared language and for technical mitigations to AI-introduced challenges to become seamlessly embedded in existing platforms and services.


The current control frameworks and technical monitoring capabilities available still feel piecemeal and not widely implemented or deployed. This leads to confusion and extra conversations when interacting with third parties, vendors, and customers, all of whom are trying to protect their own risk posture by requiring a strict high bar of each other.

It feels to me a bit like the cooking show “Chopped,” where teams get mystery baskets with random ingredients and they are tasked with creating a dish using all of the ingredients in each round. In this case, it’s companies who are each given all the same challenges with data, identity, and third-party governance issues, but when we layer on AI as the wildcard ingredient, we are each coming up with different conclusions on how to swiftly and securely deploy AI capabilities. In an integrated industry of vendors, partners, and customers, this causes existential challenges on how we all continue to work together while retaining our own risk posture.

My hope is that 2026 marks the shift from navigating a ‘mystery basket’ of AI risks to building shared guardrails that let us advance collectively rather than independently.”

Larry Whiteside Jr., Co-Founder and President at Confide Group

“Going into 2026, the most transformative shift enabling me to operate more efficiently is the rapid advancement of AI, especially agentic AI, across people, process, and technology.

AI now serves as a force multiplier in every dimension of my work. On the customer side, it allows me to produce highly tailored content and analysis in a fraction of the time, driving meaningful efficiencies that help me maintain lower margins and pass cost benefits directly to my clients. What once required substantial manual effort can now be generated rapidly and with greater precision, enabling a higher level of personalization and responsiveness.


Operationally, AI is eliminating the need for human execution of many routine and repetitive workflows such as emails, ticket handling, documentation, and triage. Hiring used to be one of the largest expenses of a company like mine, but AI now enables us to support more customers without expanding headcount at the same rate. Agentic AI moves much of this work into an oversight rather than execution model, removing layers of process, accelerating outcomes, and allowing my team to focus on decisions instead of mechanics. We are no longer dependent on humans to perform every task required to run the business.

From a service offering standpoint, AI is allowing many capabilities to shift from human performed to human supervised. This reduces the number of steps, standardizes workflows, and increases both speed and consistency in delivery. It opens the door to new, scalable service models where AI handles the heavy lifting and humans provide strategic guidance and quality assurance.


Finally, what I am hearing from CISOs across the industry reinforces this trajectory. They see AI becoming a major driver of value in both operational and governance functions by removing the tedious and time-consuming data gathering and cross-referencing tasks that have historically slowed teams down. Whether it is a SOC analyst trying to find a needle in a haystack or a GRC analyst assessing whether a control has failed, AI enables them to reach meaningful insights far more quickly. In short, AI, and agentic AI in particular, is reshaping how work gets done. It enhances customer delivery, reduces operational burden, scales service offerings, and strengthens governance. It is the defining shift that will allow me to do my job more efficiently in 2026 and beyond.”

Branden Williams, CISO at InvoiceCloud

“I hate to jump just on the AI-everything bus, but I think 2025 started to hint at a tipping point for the usefulness of AI in cybersecurity. What I’m hoping is that companies that are experimenting with multiple LLMs, including in a supervisory and training capacity, to assist in low-level info gathering, discovery, and correlation can boost the effectiveness of blue team analysts. The goal is to shorten dwell time and get better at reducing Type I/II errors that can leave you exposed or waste blue team resources.”

Sean Zadig, CISO at Yahoo


“The shift I’m pushing for is toward collaborative intelligence that actually tells us which threats matter for our specific environment. Context is king here, and I’m encouraged by the emergence of solutions that analyze signals across multiple organizations to provide internet-wide defense. But this only works if we’re all willing to put in what we want to get out of it, meaning reliably sharing intelligence with peers and industry groups, not just consuming it.

AI will play a role in helping us process and contextualize this intelligence at scale, but the fundamental shift is cultural and operational. As an industry, we need to move from hoarding threat data to actively contributing to it. The CISOs who embrace this collaborative model in the coming year will be the ones who finally gain what we’ve been asking for: intelligence that is truly actionable – less noise, more clarity, and a sharper focus on the threats that actually put our organizations at risk.”
